Securely using service providers in elastic computing systems and environments

ABSTRACT

Access permission can be assigned to a particular individually executable portion of computer executable code (“component-specific access permission”) and enforced in connection with accessing the services of a service provider by the individually executable portion (or component). It should be noted that least one of the individually executable portions can request the services when executed by a dynamically scalable computing resource provider. In addition, general and component-specific access permissions respectively associated with executable computer code as a whole or one of it specific portions (or components) can be cancelled or rendered inoperable in response to an explicit request for cancelation.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to U.S. Provisional Patent Application No. 61/222,654, entitled “EXTENDING THE CAPABILITY OF COMPUTING DEVICES BY USING ABSTRACT AND DYNAMICALLY SCALABLE EXTERNAL RESOURCES,”, filed Jul. 2, 2009, and to U.S. Provisional Patent Application No. 61/222,855, entitled “SECURING ELASTIC APPLICATIONS ON MOBILE DEVICES FOR CLOUD COMPUTING,”, filed Jul. 2, 2009. This application is a continuation-in-part of pending U.S. patent application Ser. No. 12/559,394 entitled “EXTENDING THE CAPABILITY OF COMPUTING DEVICES BY USING DYNAMICALLY SCALABLE EXTERNAL RESOURCES,”, filed on Sep. 14, 2009. All of the foregoing applications are hereby incorporated herein by reference in their entirety for all purposes.

BACKGROUND OF THE INVENTION

Conceptually, a computing system (e.g., a computing device, a personal computer, a laptop, a Smartphone, a mobile phone) can accept information (content or data) and manipulate it to obtain or determine a result based on a sequence of instructions (or a computer program) that effectively describes how to process the information. Typically, the information is stored in a computer readable medium in a binary form. More complex computing systems can store content including the computer program itself. A computer program may be invariable and/or built into, for example, a computer (or computing device) as logic circuitry provided on microprocessors or computer chips. Today, general purpose computers can have both kinds of programming. A computing system can also have a support system which, among other things, manages various resources (e.g., memory, peripheral devices) and services (e.g., basic functions such as opening files) and allows the resources to be shared among multiple programs. One such support system is generally known as an Operating System (OS), which provides programmers with an interface used to access these resources and services.

Today, numerous types of computing devices are available. These computing devices widely range with respect to size, cost, amount of storage and processing power. The computing devices that are available today include: expensive and powerful servers, relatively cheaper Personal Computers (PC's) and laptops, and yet less expensive microprocessors (or computer chips) provided in storage devices, automobiles, and household electronic appliances.

In recent years, computing systems have become more portable and mobile. As a result, various mobile and handheld devices have been made available. By way of example, wireless phones, media players, Personal Digital Assistants (PDA's) are widely used today. Generally, a mobile or a handheld device (also known as a handheld computer or simply a handheld) can be a pocket-sized computing device, typically utilizing a small visual display screen for user output and a miniaturized keyboard for user input. In the case of a Personal Digital Assistant (PDA), the input and output can be combined into a touch-screen interface.

In particular, mobile communication devices (e.g., mobile phones) have become extremely popular. Some mobile communication devices (e.g., Smartphones) offer computing environments that are similar to that provided by a Personal Computer (PC). As such, a Smartphone can effectively provide a complete operating system as a standardized interface and platform for application developers.

Another more recent trend is the ever-increasing accessibility of the Internet and the services that can be provided via the Internet. Today, the Internet can be accessed virtually anywhere by using various computing devices. For example, mobile phones, smart phones, datacards, handheld game consoles, cellular routers, and numerous other devices can allow users to connect to the Internet from anywhere in a cellular network. Within the limitations imposed by the small screen and other limited and/or reduced facilities of a pocket-sized or handheld device, the services of the Internet, including email and web browsing, may be available. Typically, users manage information with web browsers, but other software can allow them to interface with computer networks that are connected to or by the Internet. These other programs include, for example, electronic mail, online chat, file transfer and file sharing. Today's Internet can be viewed as a vast global network of interconnected computers, enabling users to share information along multiple channels. Typically, a computer that connects to the Internet can access information from a vast array of available servers and other computers by moving information from them to the computer's local memory. The Internet is a very useful and important resource as readily evidenced by its ever increasing popularity and widening usage and applications.

The popularity of computing systems is evidenced by their ever increasing use in everyday life. Accordingly, techniques that can improve computing systems would be very useful.

SUMMARY OF THE INVENTION

Broadly speaking, the invention relates to computing systems and computing environments. More particularly, the invention relates to techniques for securely using services of a service provider in an Elastic computing environment where an individually executable portion (or component) of executable computer code (e.g., a weblet of a web-based application) can request services of a service provider (e.g., a web service) when executed in or by a dynamically scalable computing resource (e.g., a cloud). Among other things, in an Elastic computing environment, computing capabilities of a computing system (e.g., a computing device) can be effectively extended in a dynamic manner at runtime.

In accordance with one aspect of the invention, an access permission can be assigned to a particular individually executable portion of computer executable code (“component-specific access permission”) and enforced in connection with accessing the services of a service provider by the individually executable portion (or component). In one embodiment, a computing system is operable to determine and/or obtain multiple component-specific access permissions respectively assigned to individually executable portions of computer executable code for accessing the services of a service provider. It should be noted that at least one of the individually executable portions can request the services when executed by a dynamically scalable computing resource provider. The computing system can also be operable to enforce, cause enforcement, or facilitate enforcement of a component-specific access permission in connection with accessing the services of the service provider by a particular portion of the executable computer code.

In accordance with another aspect of the invention, general and component-specific access permissions respectively associated with executable computer code as a whole or one of its specific portions (or components) can be cancelled or rendered inoperable in response to an explicit request for cancellation. In one embodiment, a computing system is operable to cancel or render inoperable general and component-specific access permissions in response to an explicit request made for cancellations. It should be noted that general and component-specific access permissions can be respectively associated with general and specific indicators (e.g., a token and a number of sub-tokens) issued by the computing system. As such, the computing system can effectively cancel or render inoperable the indicators in order to withdraw access previously granted as general and component-specific access permissions. By way of example, the computing system can be a service provider (e.g., a web service) operable to recognize general and component-specific access permissions, grant them accordingly, and effectively deny access after a request for cancellation has been received. As another example, the computing system can be a proxy server that can effectively manage general and component-specific access permissions. It will be appreciated that the proxy server can interface with a conventional service provider which need not be aware of the specific access permissions managed by the proxy server.

Generally, the invention can be implemented in numerous ways, including, for example, a method, an apparatus, a computer readable (and/or storable) medium, and a computing system (e.g., a computing device). A computer readable medium can, for example, include and/or store at least executable computer program code in a tangible form.

Other aspects and advantages of the invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, illustrating by way of example, the principles of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be readily understood by the following detailed description in conjunction with the accompanying drawings, wherein like reference numerals designate like structural elements, and in which:

FIG. 1A depicts a computing device in accordance with one embodiment of the invention.

FIG. 1B depicts a method for extending (or expanding) the internal capabilities of a computing device in accordance with one embodiment of the invention.

FIG. 1C depicts a method for extending (or expanding) the capabilities of a computing device in accordance with another embodiment of the invention.

FIG. 1D depicts a method for executing executable computer code in accordance with another embodiment of the invention.

FIG. 2 depicts a computing environment in accordance with one embodiment of the invention.

FIG. 3 depicts a computing device in a Web-based environment in accordance with one exemplary embodiment of the invention.

FIGS. 4A, 4B, 4C and 4D depict various configurations of a dynamically adjustable (or Elastic) computing device in accordance with a number of embodiments of the invention.

FIG. 5 depicts an Elastic mobile device (or mobile terminal) operable to effectively consume cloud resources via an Elasticity service in a computing/communication environment in accordance with one embodiment of the invention.

FIG. 6A depicts an Elastic computing environment 600 in accordance with one embodiment of the invention.

FIG. 6B depicts a method for enforcing access permissions (or permissions) for accessing services of a service provider in accordance with one embodiment of the invention.

FIG. 7A depicts a web-based Elastic computing environment in accordance with one embodiment of the invention.

FIG. 7B depicts a method for allowing a weblet to access a web service in accordance with one embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION

As noted in the background section, computing environments and systems are very useful. Today, various computing devices have become integrated in everyday life. In particular, portable computing devices are extremely popular. As such, extensive efforts have been made to provide cheaper and more powerful portable computing devices. In addition, it is highly desirable to provide modern Consumer Electronic (CE) devices with extensive computing capabilities. However, conventional computing environments and techniques are not generally suitable for providing modern portable and CE computing devices. In other words, conventional computing environments provided for more traditional computing devices (e.g., Personal Computers, servers) can be relatively complex and/or expensive and not generally suitable for modern CE computing devices, especially for a CE device intended to operate with limited and/or reduced resources (e.g., processing power, memory, battery power) and/or provide other functionalities (e.g., make phone calls, function as a refrigerator). In some cases, the computing capabilities of a CE device would serve as a secondary functionality (e.g., televisions, refrigerators, etc.). As such, it is not very desirable to use a relatively complex and expensive computing environment in order to provide modern CE devices with extensive computing capabilities.

In view of the foregoing, improved computing environments are needed.

It will be appreciated that the invention provides improved computing environments and computing techniques. More particularly, the invention provides techniques for securely using services of a service provider in an Elastic computing environment where an individually executable portion (or component) of executable computer code (e.g., a weblet of a web-based application) can request services of a service provider (e.g., a web service) when executed in or by a dynamically scalable computing resource (e.g., a cloud). Among other things, in an Elastic computing environment, computing capabilities of a computing system (e.g., a computing device) can be effectively extended in a dynamic manner at runtime.

In accordance with one aspect of the invention, an access permission can be assigned to a particular individually executable portion of computer executable code (“component-specific access permission”) and enforced in connection with the accessing of the services of a service provider by the individually executable portion (or component). In one embodiment, a computing system is operable to determine and/or obtain multiple component-specific access permissions respectively assigned to individually executable portions of computer executable code for accessing the services of a service provider. It should be noted that at least one of the individually executable portions can request the services when executed by a dynamically scalable computing resource provider. The computing system can also be operable to enforce, cause enforcement, or facilitate enforcement of a component-specific access permission in connection with the accessing of the services of the service provider by a particular portion of the executable computer code.

In accordance with another aspect of the invention, general and component-specific access permissions respectively associated with executable computer code as a whole or one of its specific portions (or components) can be cancelled or rendered inoperable in response to an explicit request for cancellation. In one embodiment, a computing system is operable to cancel or render inoperable general and component-specific access permissions in response to an explicit request made for cancellations. It should be noted that general and component-specific access permissions can be respectively associated with general and specific indicators (e.g., a token and a number of sub-tokens) issued by the computing system. As such, the computing system can effectively cancel or render inoperable the indicators in order to withdraw access previously granted as general and component-specific access permissions. By way of example, the computing system can be service provider (e.g., a web service) operable to recognize general and component-specific access permissions, grant them accordingly, and effectively deny access after a request for cancellation has been received. As another example, the computing system can be a proxy server that can effectively manage general and component-specific access permissions. It will be appreciated that the proxy server can interface with a conventional service provider which need not be aware of the specific access permissions managed by the proxy server.

Embodiments of these aspects of the invention are discussed below with reference to FIGS. 1A-7B. However, those skilled in the art will readily appreciate that the detailed description given herein with respect to these figures is for explanatory purposes, as the invention extends beyond these limited embodiments.

FIG. 1A depicts a computing device (or computing system) 100 in accordance with one embodiment of the invention. Referring to FIG. 1A, the computing device 100 can effectively use one or more of its computing resources (“internal computing resources”) 102 to perform various computing tasks, including loading and execution of executable computer code 104 (e.g., a computer application program). As will be known to those skilled in the art, the internal computing resources 102 can, for example, include one or more processors, memory, non-volatile memory, storage memory, RAM memory, a computer readable storage medium storing executable computer code, and so on. The executable computer code 104 can, for example, be stored partly or entirely by the internal computing resources 102 of the computing device 100, stored on one or more other devices including various storage devices (e.g., a Compact Disk) and/or be distributed among various entities including server computing systems (or servers) and various storage facilities. Generally, the executable computer code 104 can be stored in a computer readable storage medium provided for the computing device 100 and/or another entity. As such, the computing device 100 can be operable to store at least a first portion 104A of the executable computer code 104 internally and for execution by its internal computing resources 102.

Moreover, it will be appreciated that the computing device 100 can be operable to effectively facilitate and/or cause execution of the executable computer code 104 by a Dynamically Scalable Computing Resource (DSCR) 106 that can provide scalable computing resources on-demand and as needed by the computing device 100, in a dynamic manner. As such, the computing device 100 can be operable to use the internal computing resources 102, as well as one or more (external) computing resources (“external computing resources”) 108 of the DSCR 106. In other words, the computing device 100 can be operable to effectively use both internal computing resources 102 and external computing resources 108 in order to effectively facilitate, initiate, resume and/or cause execution of various portions (or parts) of the executable computer code 104 (e.g., a first and second portions 104A and 104B can be executed using respectively internal and external computing resources 102 and 108).

More particularly, the computing device 100 can effectively provide an Elastic Computing System (ESC) 101 operable to effectively extend the internal computing resources 102 by utilizing (or effectively using) the external computing resources 108 of the DSCR 106. It should be noted that DSCR 106 can effectively provide a layer of abstraction so that the ESC 101 need not specifically address a specific computing resource (e.g., a computing resource R1 of a computing device of Machine M1) or “know” the identity of a specific machine (or device) M1 that executes the second portion 104B of the executable computer code 104 on behalf of the computing device 100. As such, the DSCR 106 can be provided as an ADSCR 106, as will be appreciated by those skilled in the art. As a result, the ESC 101 can be operable to effectively use the computing resources of various entities including, for example, Machine 1 (M1) and Machine 2 (M2) of the ADSCR 106 by addressing an interface 110, whereby the computing resources 108, and/or services provided by them, can be effectively abstracted from the computing device 100.

It will also be appreciated that the ESC 101 can be operable to determine, during the runtime of the executable computer code 104, whether to execute or continue to execute one or more portions of the executable computer code 104 by effectively using the DSCR 106, thereby dynamically determining during runtime, the relative extent of allocation of execution of the executable computer code 104 between the internal computing resources 102 of the computing system 100 and external computing resources 108 of the DSCR 106. Based on this determination of the relative extent of allocation of execution, the ESC 101 can also be operable to effectively use the one or more external resources 108 of the DSCR 106 for execution of one or more portions of the executable computer code 104. In other words, the ESC 101 can cause the execution of one or more portions of the executable computer code 104 when it determines to execute one or more portions of the executable computer code 104 by effectively using one or more of the external resources 108 of the DSCR 106.

It should be noted that the determination of the relative extent of allocation of execution of the executable computer code 104 can, for example, occur when one or more portions of the executable computer code 104 is to be loaded for execution, one or more portions said executable computer code 104 is to be executed, one or more portions of the executable computer code 104 is being executed by one or more of the internal computing resources 102, and/or when one or more portions the executable computer code 104 is being executed by the external computing resources 108. Generally, this determination can be made during runtime when executable computer code 104 is to be loaded for execution, or is to be executed (e.g., after it has been loaded but before execution), or is being executed.

It should also be noted that determination of the relative extent of allocation of execution of the executable computer code 104 can be performed by the ESC 101, without requiring user input, thereby automatically determining the relative extent of allocation of execution of the executable computer code 104 between said one or more internal computing resources 102 and one or more external resources 108. However, it should be noted that the ESC 101 may be operable to make this determination based on one or more preferences that can, for example, be provided as a set of predetermined user-defined preferences (e.g., minimize power or battery usage, use internal resources first, maximize performance, minimize monetary cost). The ESC 101 may also be operable to make the determination of the relative extent of allocation of execution of the executable computer code 104 based on input explicitly provided by a user at runtime. By way of example, the ESC 101 may be operable to request user input and/or user confirmation prior to allocation of execution to the DSCR 106.

This determination can, for example, be made based on one or more capabilities of the internal computing resources 102, the monetary cost associated with using the external resources 108, expected and/or expectable latency for delivering services by the external resources 108, network bandwidth for communication with the DSCR 106, status of one or more physical resources, battery power of the computing system 100, one or more environmental factors, the physical location of the computing system 100, number and/or types of applications being executed on the computing system 100, and/or the type of applications to be executed.

It will be appreciated that the ESC 101 can be operable to determine the relative extent of allocation of execution of the executable computer code 104 between the internal and external computing resources 102 and 108 without requiring code developers to explicitly define the extent of the allocation. In other words, the ESC 101 can determine the extent of execution allocation to external computing resources 108 and make the allocation accordingly without requiring the executable computer code 104 to effectively provide any instructions with respect to allocation of execution between the internal and external computing resources 102 and 108. As a result, computer application developers need not develop applications that explicitly define allocation between internal and external computing resources of a computing system or a device. It should be noted that the developer can explicitly identify code portions (or code fragments) to be allocated for execution using internal and external computing resources. However, the ESC 101 can determine which of the code portions are to be executed by internal or external computing resources.

It will also be appreciated that the ESC 101 can be operable to effectively increase and/or decrease the extent of the effective use of the one or more external resources 108 of the DSCR 106 during runtime of the executable computer code 104, thereby effectively providing dynamic Elasticity to modify and/or adjust the extent of allocation of execution to execute more or less portions of the executable computer code 104 during runtime. The one or more portions of the executable computer code 104 can be relocate and/or replicable code, as will be appreciated by those skilled in the art. Moreover, the ESC 101 can be operable to effectively relocate one or more re-locatable and/or replicable code portions 104 from the computing system 100 to the DSCR 106, or vice versa, during runtime of the executable computer code 104.

In other words, the computing device 100 can be operable to vary the extent of execution allocation of the executable computer code 104, during runtime, between various allocation stages. These allocation stages include: (i) an internal allocation stage when the executable computer code 104 is executed entirely and/or using only the internal computing resources 102, (ii) a split allocation stage when the executable computer code is executed using both internal and external computing resources 102 and 108, and (iii) an external allocation stage when the executable computer code 104 is executed entirely and/or using only the external computing resources 108. As such, the computing device 100 can be operable to vary the extent of execution allocation of the executable computer code 104, during runtime, to provide “vertical” Elasticity between the internal computing resources 102 and the external computing resources 108 of the DSCR such that executable computer code 104 is executed using only the internal computing resources 103 or is “split” between the internal and external computing resources 102 and 108 so that at least a first executable portion 104A is executed using internal computing resources 102 and at least a second executable portion 104B is executed using the external computing resources 108.

In addition, it should be noted that the ESC 101 can be operable to cause execution of at least two portions of said executable code respectively on two nodes (e.g., machines M1 and M2) of the DSCR 106. By way of example, the ESC 101 can be operable to cause execution of at least two processes associated with the executable computer code 104 respectively on two separate computing nodes of the executable computer code 104.

In view of the foregoing, it will be apparent the ESC 101 allows the computing device 100 to effectively extend its computing capabilities beyond its internal computing capabilities effectively defined based on the capabilities of the internal computing resources 102. As such, the computing device 100 need not be bound by the limits of its internal computing capabilities, but may be bound by the limits of the external computing resources of the DSCR 106 which may be relatively and/or virtually unlimited with respect to the internal computing resources 102. As a result, the computing device may be provided with very limited, reduced and/or cheap internal resources, but be operable to effectively provide computing capabilities that are bound only by the virtually limitless external resources of dynamically scalable resources (e.g., a “Cloud” Computing Resources capable of providing virtually as much computing capabilities as may be desired by a single computing device).

It will also be appreciated that the ESC 101 can be operable to cause execution of the one or more portions of the executable computer code 104 by one or more external resources 108 without copying any operating environment (e.g., an operating system, an image) of the computing device 100 which is operable to execute the one or more portions of the executable computer code 104 on the computing device 100.

The ESC 101 can be operable to obtain (e.g., generate, receive) a first output data as a result of the execution of the first executable computer code portion 104A by the internal computing resources 102. In addition, the ESC 101 can be operable to obtain second output data as a result of the execution of the second portion 104B of the executable computer code 104. This means that the first and second output data associated respectively with the execution of the first and second portions (104A and 104B) can both be made available as a collective result of the executable computer code 104. As a result, the computing device 100 can provide execution output (e.g., computing services) in a similar manner as would be provided had the execution been performed using only the internal computing resources 102. It should be noted that the ESC 101 can be operable to effectively facilitate, initiate, resume and/or cause execution of one or more portions of the executable computer code 104 by using one or more external computing resources 108 of the DSCR 106, or by facilitating, initiating, resuming and/or causing the execution by the DSCR 106 (i.e., causing the DSCR to execute the executable computer code 104 using its computing resources 108). An external computing resource 108 (e.g., R1 and R2) may, for example, provide both the processing power and memory needed to execute one or more portions of the executable computer code 104, or support the execution by providing only memory or only processing power required for execution.

In general, the ESC 101 can be operable to effectively request computing services from the DSCR 106. As a dynamically scalable resource provider, the DSCR 106 can provide computing resources on demand and to the extent needed during execution time so that it can execute at least both first and second portions (104A and 104B) of the executable computer code 104. It will be appreciated that the computing resources of the DSCR 106 can far exceed the internal computing resources 102 of the computing device 100. By way of example, the computing device 100 can be a computing device with relatively limited and/or reduced computing resources 102 in comparison to a “Cloud” computing resource (106) that can provide scalable computing resources, including processing power and memory, dynamically and on demand, to the extent requested by the ESC 101 of the computing device 100.

A “Cloud” computing resource is an example of a Dynamically Scalable Computing Resource capable of providing computing services over the Internet and using typically virtualized computing resources, as will be readily known to those skilled in the art. Generally, using a dynamically scalable external resource, the ESC 101 can effectively provide a virtual device with computing capabilities far exceeding its relatively limited and/or reduced internal computing resources 102.

It should also be noted that the ESC 101 can effectively use the dynamic scalability of the DSCR 106 in order to provide a dynamically adaptable device capable of effectively providing computing services on the demand and as needed. As such, the ESC 101 can be operable to effectively switch between internal computing resources 102 and external computing resources 108 at runtime during the execution of the executable computer code 104. By way of example, the ESC 101 can be operable to cause execution of a third portion 104C of the executable computer code 104 by the DSCR 106, after initiating or causing execution of the first or second portions (104A and 104B) of the executable computer code 104 and possibly while the first and/or second portions (104A and 104B) of the executable computer code 104 are being executed. As another example, the ESC 101 can be operable to execute or resume execution of the second portion 104B of the executable computer code 104 using the internal computing resources 102 after effectively initiating or causing execution of the second portion 104B of the executable computer code 104 on the DSCR 106. As yet another example, the ESC 101 can be operable to effectively facilitate, cause, or resume execution of a first portion 104A by the DSCR 106 after initiating the execution of the first portion 104A and while it is still being executed on the internal computing resource 102.

Generally, the ESC 101 can be operable to determine whether to execute at least a portion of the executable computer code 104 using an external computing resource such as the external computing resources 108 provided by the DSCR 106. Those skilled in the art will appreciate that this determination can be made based on various factors including, for example, one or more of the following: capabilities of the internal computing resources 102, the monetary cost associated with external resources, expected and/or expectable latency for delivering services, network bandwidth, status of physical resources (e.g., current battery power), environmental factors (e.g., location).

The ESC 101 can also be operable to coordinate the internal and external execution activities. By way of example, the ESC 101 can be operable to effectively coordinate execution of a first executable code portion 104A using internal computing resources 102 with the execution of a second executable code portion 104B using DSCR 106, thereby effectively using both internal and external computing resources to execute said executable computer code in a coordinated manner. As part of the coordination activities, the ESC 101 can be operable to obtain first and second output data respectively for the first and second executable code portions as a collective result, thereby making available on the ESC 101 both the first and second output data as a collective result of execution of the executable computer program code 104. It will be appreciated that the ESC 101 can provide the collective result as if the entire executable code 104 has been executed using internal computing resources 102. A user of the ESC 101 need not be aware that external computing resources are being used and computing service can be delivered in a meaningful way. In addition, ESC 101 allows development and execution of the same executable computer code (e.g., a computer application program) for various devices ranging from those that may have very limited and/or reduced computing resources to those with very extensive computing resources, thereby enhancing the software development process and maintenance.

In view of the foregoing, it will readily be appreciated that the computing device 100 can, for example, be a Consumer Electronic (CE) device, a mobile device, a handheld device, a home appliance device (a Television, a refrigerator) with relatively limited and/or reduced built-in computing resources. Moreover, it will be appreciated that ESC 101 is especially suitable for CE and/or mobile devices with general characteristics that include limited and/or reduced computing resources and/or power, varying communication speed, quality and/or responsiveness to the user.

FIG. 1B depicts a method 150 for extending the capabilities (or extending the internal capabilities) of a computing device in accordance with one embodiment of the invention. Method 150 can, for example, be performed by the computing device 100 depicted in FIG. 1A.

Referring to FIG. 1B, initially, it is determined (152) whether to execute executable computer code. In effect, the method 150 can wait until it is determined (152) that executable computer code is to be executed. If it is determined (152) to execute executable computer code, the method 150 can proceed to determine whether to use external computing resources and/or the extent of respective use of internal and external computing resources in order to execute the executable computer code. As a result, execution of at least a portion of the executable computer code can be initiated (156B) using one or more internal computing resources of the computing device (or a particular computing environment or computing system). In addition, execution of at least a portion of the executable computer code can be initiated, facilitated and/or caused (156B) using a DSCR. In other words, one or more computing resources of a DSCR can be effectively requested to be provided to the computing device as one or more external resources. Those skilled in the art will readily appreciate that generally, execution (156A and 156B) can be initiated using internal and external computing resources (156A and 156B) substantially in parallel or virtually at the same time. Furthermore, it will be appreciated that execution of various portions of the executable computer code can effectively switch between internal and external computing resources. Referring back to FIG. 1B, it can optionally be determined (158) whether to switch execution of one or more portions of executable computer code from an external computing resource, namely, a DSCR, to one or more internal computing resources. As a result, execution of a portion of the executable computer code can be initiated using an external computing resource, but later moved and/or resumed using an internal computing resource. Similarly, it can optionally be determined (159) whether to switch execution of one or more portions of the executable computer code from one or more internal computing resources to one or more external computing resources and the usage of computing resources can be changed accordingly.

It should be noted that execution of executable computer code using respectively internal and external computing resources can end if it is determined to end (160A) execution using internal computing resources or end (160B) execution using external computing resources. The method 150 can proceed in a similar manner to execute executable computer code using internal and/or external computing resources while allowing usage of these resources to be adjusted during execution time in a dynamic manner, as depicted in FIG. 1B.

FIG. 1C depicts a method 180 for extending the capabilities (or extending the internal capabilities) of a computing device in accordance with another embodiment of the invention. Method 180 can, for example, be performed by the computing device 100 depicted in FIG. 1A. Referring to FIG. 1C, initially, coordination (182) of execution of executable code is initiated. Generally, this coordination (182) can coordinate use of internal and external computing resources. In other words, coordination between use of internal and external computing resources for executing executable computer program code can be initiated. Typically, the coordination (182) coordinates: (a) execution or execution related activities using internal computing resources, and (b) execution or execution related activities using external computing resources. The internal computing resources can be provided by the computing device and external computing resources can be provided by a Dynamically Scalable Computing Resource.

Referring back to FIG. 1C, two exemplary operations that can be coordinated (182) are depicted. A first operation is depicted as initiating (184A) execution of at least a first portion of executable computer code by using one or more internal computing resources of a computing device. A second operation is depicted as effectively using (184B) external computing resources of a least one DSCR for execution of a second portion of the executable code. Those skilled in the art will readily appreciate that these exemplary operations (184A and 184B) can be initiated in various orders or in parallel.

As a part of this coordination (182), the coordination (182) can determine when to initiate each of the exemplary operations (184A and 184B), and initiate them accordingly. In effect, the coordination (182) can continue to effectively coordinate (a) execution of the first portion of executable computer code using internal computing resources with (b) execution of the second portion of executable computer code using external computing resources of a DSCR.

Those skilled in the art will appreciate that the coordination (182) can, for example, include: generating a first output for execution of the first portion of the executable computer code by using internal computing resources, and obtaining a second execution result as a result of execution of the second portion of the executable computer code by one or more external computing resources. Referring back to FIG. 1C, as a part of the coordination (182), it can be determined (188) whether the results of the executions (184A and 184B) are available. Accordingly, a collective result of the execution of the first and second portions of the code can be generated (190) as a part of the coordination (182). It should be noted that the collective result may be presented by the computing device and/or made available by the computing system.

However, if it is determined (188) that the results of the executions are not available, it can be determined (192) whether to adjust and/or re-coordinate the execution of the executable computer code. Accordingly, the execution of the executable computer can be dynamically adjusted and/or re-coordinated (194). By way of example, execution of the second code portion can be reinitiated using the same external computing resource. It can be initiated using a different external computing resource, or it can be switched to an internal resource. In addition, error handling and/or error recovery may also be performed.

Those skilled in the art will appreciate that coordinating (182) or re-coordinating (194) can, for example, also include: determining when to effectively initiate execution of executable computer code using an internal or external computing resources, selecting a DSCR from a set of DSCR's, and selecting one or more external resources (e.g., a specific type of resource, a specific resource among other similar resources). Other examples include: determining a location for sending a request for execution of executable computer code (or a portion thereof), sending to the determined location a request for the execution of the executable computer code, and obtaining from the location the execution result.

FIG. 1D depicts a method 195 for execution of executable computer code in accordance with one embodiment of the invention. Method 195 can, for example, be performed by the computing device 100 depicted in FIG. 1A. Initially, it is determined (196) whether to execute or continue to execute one or more portions of executable computer code by effectively using a Dynamically Scalable Computing Resource. The determination (196) can, for example, be determined at runtime, thereby dynamically determining the relative extent of allocation of execution of the executable computer code between internal and external computing resources computing resources. If it is determined (196) not to execute or not to continue to execute at least one portion of the executable computer code, it is determined (197) whether to end (or not initiate) execution of the executable computer code. Consequently, the method 195 can end or result in execution (199) of the executable computer code by using only internal computing resources. Thereafter, the method 195 proceeds to determine (196) whether to execute one or more portions of executable computer code by effectively using a Dynamically Scalable Computing Resource. As a result, allocation of execution may be adjusted to use external resources.

In particular, if it is determined (196) to execute or continue to execute at least one portion of the executable computer code by effectively using a Dynamically Scalable Computing Resource, the method 195 proceeds to allocate (198) execution between internal and external computing resources accordingly. After execution of the executable computer code has been allocated accordingly, method 195 proceeds to determine (196) whether to execute one or more portions of executable computer code by effectively using a Dynamically Scalable Computing Resource. In effect, the allocation of execution may be adjusted to allocate more or less of the execution of the executable computer code to the external resources. Method 195 ends if it is determined (197) to end execution of the executable computer code, or if it is determined (197) not to execute the executable computer code.

As noted above, the Elastic Computing System (ESC) (e.g., ESC 101 shown in FIG. 1A) can effectively extend the internal (or physical) computing resources of a computing device, thereby extending the internal computing capabilities of the computing device. As a result, a virtual device with extensive computing capabilities can be effectively built using a device with relatively limited and/or reduced capabilities. It should be noted that the internal computing capabilities of the computing device can be extended at runtime in a dynamic manner.

To further elaborate, FIG. 2 depicts a computing environment 200 in accordance with one embodiment of the invention. The computing environment 200 can, for example, be provided by and/or for the computing device 100 depicted in FIG. 1A.

Referring to FIG. 2, an Elastic Layer (component or module) 202 can be provided for a hardware layer 204. The Elastic Layer (EL) 202 may interface with an optional top layer 206 that can, for example, include a User Interface (UI), a Web Top (WT) layer, or an application layer. As shown in FIG. 2, an optional Operating System (OS) layer 208 may also reside between the Elastic Layer (EL) 202 and the hardware layer 204, as will be appreciated by those skilled in the art. Moreover, those skilled in the art will appreciate that a Virtual Environment (VE) 210 (e.g., a Run Time Environment (RTE) 210) can be provided by the Elastic Layer (EL) 202 to effectively extend the physical hardware layer 204 and its capabilities. Referring to FIG. 2, the Elastic Layer (EL) 202 can be operable to effectively initiate and/or instantiate one or more instances of a VE 210 on demand and as needed. For example, an individual RTE instance 210A can be initiated for execution of a particular part or portion of executable computer code (e.g., an application component, an Applet, a Weblet). The Elastic Layer (EL) 202 can be operable to effectively initiate or cause initiation of a virtual computing environment by the ADSCR 106.

In effect, a computing resource 108A of the ADSCR 106 can be provided by an RTE instance 210A as if the physical computing resource 108A is present in the hardware layer 204. The RTE 210 allows effectively extending the resource 108A to the Computing Environment 200. Those skilled in the art will appreciate that the RTE can, for example, be provided to a virtual computing environment on the ADSCR 106 and/or the computing environment 200. The Elastic Layer (EL) 202 can initiate RTE instances 210 as needed and consequently be provided with the computing resources of the ADSCR 106 on demand, and in a dynamic manner at runtime (or during the execution of executable computer code). As a result, the Elastic Layer (EL) 202 can effectively provide a virtual computing device capable of providing computing capabilities that can be extended dynamically and on demand far beyond the real capabilities of the hardware layer 204.

As noted above, a “Cloud” computing resource is an example of a Dynamically Scalable Computing Resource, capable of providing computing services over the Internet using typically virtualized computing resources. It will be appreciated that the invention is especially suited for Web-based (or Web-centric) applications using “Cloud” computing technology.

To further elaborate, FIG. 3 depicts a computing device 300 in a Web-based environment in accordance with one exemplary embodiment of the invention. Referring to FIG. 3, a Web-based application 302 can include a manifest 302 m, a User Interface (UI) 302 u, and a plurality of other application components 302 a and 302 b, as is generally known in the art. Those skilled in the art will appreciate that as components of a Web-based application, components 302 a and 302 b can perform operations including, for example: responding to Hypertext Transfer Protocol (HTTP) requests, communicating with a single client and having a lifecycle bound to that of the client, executing locally or remotely. The components of a Web-based application (e.g., Web-based application 302) are referred to herein as “Weblets” (e.g., Weblets 302 a and 302 b). The manifest 302 m can effectively provide a description of the web-based application 302. As such, the manifest 302 m can, for example, provide information including the number of Weblets, format of Weblet requests, etc. Each of the Weblets 302 a and 302 b can be a part of an application and effectively encapsulate date state and the operations that can change the date state. A Weblet 302 a can include executable code, for example, in the form of “bytecodes” that effectively expose an HTTP Interface to the User Interface, as will be readily known to those skilled in the art.

Those skilled in the art will also know that the computing device 300 can effectively provide a Web Top layer 300A (or component), effectively providing an environment for rendering and executing (or running) User Interface (UI) components, such as, the User Interface (UI) 302 u of the web-based application 302. UI component 302 u can, for example, be a browser, as is generally known in the art.

Referring back to FIG. 3, the computing device 300 also includes an Elastic Layer (EL) 300B that may provide a number of components (or sub-components). In particular, an Application Manager (AM) 320 can be operable to initiate, or cause initiation of, one or more Virtual Computing Environments (VCEs), as one or more Internal Virtual Machines (IVMs) 308 in the computing device 300, and/or as one or more External Virtual Machines (EVM) 310 in a “Cloud” computing resource (or a “Cloud”) 312. Each one of the IVM 308 and EVM 310 can effectively support the execution of a Weblet of the Web-based application 302. By way of example, the IVM 308 can effectively support the execution of the Weblet 302 a when, or while, the EVM 310 effectively supports the execution of the Weblet 302 b. Those skilled in the art will readily appreciate that these VCEs can, for example, be provided as an Application Virtual Machine, such as, a Java Virtual Machine (JVM), a Common Language Runtime (CLR), a Low Level Virtual Machine (LLVM), and others including those that can provide a complete operating system environment. The Application Manager (AM) 320 can manage an application and/or the execution of the application as a whole. As such, the Application Manager (AM) 320 can effectively serve as a higher level layer that communicates with a lower layer effectively provided by an Elasticity Manager (EM) 322 component operable to manage the individual Weblets.

In addition, the Application Manager (AM) 320 component of the Elastic Layer (EL) 300B can be operable to determine whether to initiate a VCE internally as an IVM 308, or cause initiation of a VCE externally as an EVM 310 on the “Cloud” 312. In other words, the Application Manager (AM) 320 component can be operable to determine whether to execute a particular Weblet (e.g., Weblet 302 a, Weblet 302 b) using the internal computing resources of the computing device 300 or external computing resources of the “Cloud” 312 which are dynamically scalable and can be provided on demand. The Application Manager (AM) 320 can be operable to make this determination based on the information provided by an Elasticity Manager (EM) 322. Generally, the Elasticity Manager (EM) 322 can be operable to monitor the environment of the computing device 300, including the computing environment of the computing device 300, and provide monitoring data to the Application Manager (AM) 320. The Elasticity Manager (EM) 322 component can, for example, monitor the environment (e.g., computing environment) of the computing device 300 based on data provided by sensors 324. Based on the data provided by the sensor and/or obtained from other sources, it can be determined whether to use of more or less of the external resources of the “Cloud” 312. As such, the Application Manager (AM) 320 may effectively initiate more EVMs on the “Cloud” 312 in order to, for example, move the execution of the Weblet 302 a to the “Cloud” 312 and/or additionally execute a third Weblet of the Web-based application 302 (not shown) on an EVM of the “Cloud” 312.

It should be noted that a switcher component 326 can effectively connect the Weblets (or execution of the Weblets) 302 a and 302 b to the User Interface (UI) 302 u regardless of whether the execution is supported entirely by the internal computing resources of the computing device 300, or the execution is supported at least partly by the external computing resources of the “Cloud” 312.

It should be noted that the “Cloud” 312 may have a Cloud Management Service (CMS) 312M that effectively manages services provided to various clients of the “Cloud” 312, including the computing device 300. More particularly, Elasticity Manager (EM) 322 can effectively interface with the CMS 312M in order to manage or co-manage one or more EVMs 310 provided by the “Cloud” 312 on behalf of computing device 300. In other words, the Elasticity Manager (EM) 322 can also be operable to serve as an interface to the “Cloud” 312 and manage and/or co-mange the computing environments of the “Cloud” 312 that pertain to the computing device 300.

In addition, the “Cloud” 312 may include other components. As shown in FIG. 3, “Cloud” 312 can provide a Web Top Environment 312W operable to effectively render and execute the User Interface (UI) 302 u of the Web-based application 302. Moreover, the Elasticity Manager (EM) 322 may effectively request that the Application Manager (AM) 320 initiate the execution of the User Interface (UI) 302 u by the “Cloud” 312. As a result, the User Interface (UI) 302 u may be effectively rendered and executed in the Web Top Environment 312W of the “Cloud” 312. In that case, a Remote User Interface (RUI) 330 can be operable to communicate with the User Interface (UI) 302 u being rendered and executed by the “Cloud” 312. The Remote User Interface (RUI) 330 may, for example, communicate user input data to the “Cloud” 312 and receive as output relatively simple instructions, such as, update display, and so on. As such, the Remote User Interface (RUI) 330 may be provided as a “thin client” or a “lightweight” User Interface while the UI logic is essentially performed by the “Cloud” 312.

It should be noted that the computing device 300 can include additional components. Referring to FIG. 3, an application loader 328 can be operable to load various components of the Web-based application 302 in a similar manner as a conventional application loader operates.

Moreover, it should be noted that the computing device 300 can be operable to dynamically adjust its usage of the external computing resources (or services) provided by the “Cloud” 312 at runtime when one or more of the Web-based application 302 are being executed. As such, the computing device 300 can behave as a dynamically adjustable (or Elastic) device. To further demonstrate the dynamic adaptability (or Elasticity) of the computing device 300, FIGS. 4A, 4B, 4C and 4D depict various configurations of a dynamically adjustable (or Elastic) computing device 300 in accordance with a number of embodiments of the invention.

Referring to FIG. 4A, the computing device 300 (also shown in FIG. 3) may initially execute both Weblets 302 a and 302 b and execute and render the UI 302 u using its own internal computing resources. However, if the internal computing resources are needed for other tasks, or other factors dictate preservation of the internal computing resources, the computing device 300 may use the services of the external computing resources of a “Cloud” 312, as shown in FIG. 4B. The factors that may dictate preservation of the internal computing resources can, for example, include the location of the computing device 300, the battery power, monetary cost associated with obtaining external computing services, network bandwidth available for obtaining external computing services, and so on. Referring now to FIG. 4B, execution of the Weblet 302 a can be supported by the “Cloud” 312 instead of the computing device 300 while Weblet 302 b and UI 302 u are still executed using the internal computing resources of the computing device 300. Those skilled in the art will readily appreciate that the execution of the Weblet 302 a can be effectively moved to the “Cloud” 312 by, for example, requesting its execution from “Cloud” 312 or effectively initiating its execution on “Cloud” 312. As a dynamically Elastic device, the computing device 300 may still use more of the computing resources of the “Cloud” 312 during execution or runtime. As shown in FIG. 4C, Weblet 302 a and 302 b can both be executed by the “Cloud” 312 while only the UI 302 u is executed using the internal computing resources of the computing device 300. Subsequently, the execution of the UI 302 u can even be effectively moved to the “Cloud” 312, as depicted in FIG. 4D. By way of example, the execution of the UI 302 u can be requested from “Cloud” 312 or effectively initiated on Cloud” 312 in order to effectively move the execution of UI 302 u to “Cloud” 312.

Those skilled in the art will appreciate that Cloud Computing (CC) can, among other things, deliver infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS). As a result, computing models for service providers and individual consumers that enable new IT business models, such as, for example, “resource-on-demand”, pay-as-you-go, and utility-computing. In the case of consumer electronic (CE) devices, applications are traditionally constrained by limited and/or reduced resources, such as, for example, low CPU frequency, smaller memory, low network bandwidth, and a battery powered computing environment. Cloud computing can be used to effectively remove the traditional constraints imposed on CE devices. Various “Elastic” devices, including CE devices can be augmented with cloud-based functionality.

FIG. 5 depicts an Elastic mobile device (or mobile terminal) 502 operable to effectively consume cloud resources via an Elasticity service 504 in a computing/communication environment 500, in accordance with one embodiment of the invention. In the computing/communication environment 500, an Elastic application can include of one or more Weblets that can function independently, but can communicate with each other. When an Elastic application is launched, an Elastic manager on the mobile device 502 (not shown) can monitor the resource requirements of the Weblets of the application, and make decisions as to where the Weblets can and/or should be launched. By way of example, computation and/or communication extensive Weblets, such as image and video processing, usually strain the processors of mobile devices. As such, an Elastic manager can determine to launch computation and/or communication extensive Weblets on one or more platforms in the cloud. On the other hand, User Interface (UI) components requiring extensive access to local data of the mobile device 502 may be launched by the Elastic manager on the mobile device 502. When a Weblet is to be launched on the cloud, the Elastic manager can be operable to communicate with the Elasticity service 504 residing on the cloud. The Elasticity service 504, among other things, can be operable to make decisions regarding the execution of one or more Weblets on the cloud. By way of example, the Elasticity service 504 can determine on which cloud node a Weblet can and/or should be launched, and how much storage can and/or should be allocated for the execution of the Weblet on the cloud. The Elasticity service can also be operable to return information back to the mobile device 502 after successfully launching the Weblet (e.g., return an endpoint URL). In some situations, even with heavy computational tasks, execution on the device may be preferred and/or only possible. For example, when the mobile device 502 is unable to communicate with the Elasticity service 504 (e.g., mobile device 502 is offline, media items to be executed are small in size or number, or fast response time is not a requirement. In general, the mobile device 502 and the Elasticity service 504 can “work together” to decide where and how various tasks can and/or should be executed. The Elasticity service 504 can be operable to organize cloud resources and delegate various application requirements of multiple mobile devices including the mobile device 502. As a service provider, the Elasticity service 504 may or may not be part of a cloud provider.

Furthermore, the Elastic manager can be operable to make decisions regarding migrating Weblets during runtime (e.g., when Weblets are being executed) between the mobile device 502 and the cloud, based in various criteria, for example, including changes in the computing environment of the mobile device 502 or changes in user preferences. It should be noted that the Weblets of an application can be operable to communicate with each other during execution to exchange various information to, for example, synchronize the application state and exchange input/output data. As will be appreciated by those skilled in the art, communication between the Weblets of the same application can, for example, be accomplished by a Remote Procedure Call (RPC) mechanism or using “RESTful” web services. The Elasticity service 504 can organize cloud resources and delegates application requirements from various mobile devices including the mobile device 502. As a service provider, the Elasticity service 504 may or may not be part of a cloud provider.

Those skilled in the art will readily appreciate that the mobile device 502 can, for example, represent an example of a computing device 300 depicted in FIG. 4, and the Elastic Service 504 can, for example, represent a Cloud Management Service 312 also depicted in FIG. 4.

It will also be appreciated that the computing/communication environment, among other things, allows development of applications (Elastic applications) that can even better leverage cloud computing for mobile devices that have traditionally been resource constrained. The general concepts and benefits of Elastic applications are disclosed in U.S. Provisional Patent Application No. 61/222,855, entitled “SECURING ELASTIC APPLICATIONS ON MOBILE DEVICES FOR CLOUD COMPUTING,”, filed Jul. 2, 2009, which is hereby incorporated by reference herein for all purposes, and, among other things, provides an Elastic framework architecture, and an Elastic application model, a security model for Elastic applications and an Elastic computing/communication environment.

In view of the foregoing, it will also be appreciated that the techniques described above, among other things, allow splitting an application program into sub-components (e.g., Weblets spilt between an Elastic device and a Cloud computing resource). This approach dramatically differs from conventional approaches, including those that primarily focus on providing resources (e.g., Information Technology (IT) resources provided by enterprise IT infrastructures), traditional client/server models where computation can be initially and statically requested from a service provider (e.g., a server), whereby most, if not all, of the computation is done by the service provider. In stark contrast, the invention allows computation to be done based on application components (e.g., individual Weblets) and allows each application component to be executed by a different entity and in a different location. As such, the invention allows an application model that need not distinguish between clients and servers, but can distinguish between individual components of a single application. The invention also provides device or client based techniques and solutions that have not been addressed by conventional approaches, which have been primarily focused on providing resources from the perspective of a resource or service provider. Again, it should be noted that the techniques of the inventions are especially and highly suited for mobile devices that have been traditionally constrained by limited computing capabilities due to their limited and/or reduced computing resources. Conventional techniques do not provide a practical and feasible solution for allowing mobile devices to effectively split execution of applications between in a dynamic manner, thereby allowing execution of an application to be split during runtime in a manner deemed more appropriate at a given time, and yet split differently later but still during the runtime of the same application.

Secure Elastic Computing Systems and Environments

FIG. 6A depicts an Elastic computing environment 600 in accordance with one embodiment of the invention. Referring to FIG. 6A, individually executable computer code portions of the executable code 104 can be allocated for execution between the internal computing resources 106 of the Elastic computing device 602, and external resources 108 of a dynamically scalable computing resource (DSCR) 106 in the Elastic computing environment 600. It should be noted that an executable computer code portion (or component) of the executable computer code 104 (e.g., 104A, 104B, 104C) can request the services of a service provider 606 when executed on the Elastic computing device 602 or executed effectively by or in the DSCR 106. Conventionally, all the executable computer code portions would be assigned the same service access permission (or access permission) by the service provider 606 (e.g., a web service, a web service provider, a web server). For example, a token indicative of access permission can be assigned by a web service (606) to the executable computer code 104. In other words, conventionally, a single access permission would be assigned to the executable computer code 104 as a whole and the same security policy would be enforced with respect to all of the individually executable code portions (e.g., 104A, 104B, 104C). As such, security could be especially problematic with respect to the executable code portions being executed by the DSCR 106 if conventional techniques are used, as sensitive and private information may potentially be made accessible in the DSCR 106. As a result, external agents and/or external computer code executing in the DSCR 106 may effectively gain access to sensitive and private information that may be stored by the service provider 106.

Referring to FIG. 6A, it will be appreciated that a Granular Security System (GSS) 610 can be provided for the Elastic computing device 602 to facilitate enforcement of component-specific access permissions respectively assigned to individually executable code portions (e.g., 104A, 104B, 104C) of the executable computer code 104. By way of example, various component-specific access permissions (SAPA, SAPB and SAPC) can be respectively assigned to individually executable computer code portions 104A, 104B and 104C and individually enforced in connection with accessing services of the service provider 606.

It should be noted that each of the component-specific access permissions (SAPA, SAPB and SAPC) may be associated with an indicator (e.g., a sub-token) that could be generated by the service provider 606. The SAPA, SAPB and SAPC can also be associated with a general indicator (e.g., a token) assigned by the service provider 606 to the executable computer code 104.

Generally, the service provider 606 may have knowledge of the component-specific permissions (SAPA, SAPB and SAPC) or may operate as a conventional service provider that only recognizes a single access permission assigned to the executable computer code 104. In other words, the service provider 606 can be operable to define and/or assign indicator (e.g., sub-tokens) indicative of the component-specific permissions (SAPA, SAPB and SAPC) to individually executable code portions of the executable code 104 and effectively enforce the component-specific permissions itself, in accordance with the principals of the invention. This means that the GSS 610 may be effectively distributed between the Elastic computing device 602 and service provider 606 (not shown) as will be readily appreciated by those skilled in the art.

Alternatively, an access proxy server 612 can be provided to define and/or assign the component-specific permissions and effectively enforce them in accordance with the principals of the invention. The access proxy server 612 can serve as an interface between the DSCR 106 and service provider 606 such that, for example, an executable code portion 104 a executing in the DSCR 106 would have to request services of the service provider 606 from the access proxy server 612 which would, in turn, identify a particular component-specific permission SAPA assigned to the executable code portion 104 a and enforce the component-specific permission SAPA accordingly. As a result, the access proxy server 612 may grant a service request by way of presenting the service provider 606 with a general indicator (e.g., a token issued by the service provider 606) and the requested service. The access proxy server 612 may deny the service request by not presenting the general access permission or the request to the service provider 606. It should be noted that the access proxy server 612 may provide the executable code portion 104 a with the resulting data, including an acknowledgement of completion of the requested service(s).

In any case, component-specific permissions (SAPA, SAPB and SAPC) can be defined and/or assigned to individually executable code portions of the executable code 104 and effectively enforced in the Elastic computing environment 600, in accordance with the embodiment depicted in FIG. 6A. A component-specific permission can, for example, be defined as general read or write permissions, or device or location specific read or write permissions (e.g., write to the device, write to a private cloud, read all public clouds). It will be appreciated that the component-specific access permissions allow allocation of executable code portions of the executable code 104 in a more secure manner. By way of example, individually executable portions (or components) of the executable computer code 104 with write access permission can be executed locally on the Elastic computing device 602 using internal computing resources 102 to the extent possible, while portions of executable computer code 104 that have only read access permission may be allocated to the DSCR 106 and external computing resources 108 for execution.

It should be noted that the GSS 610 can also be operable to request cancellation of a general access permission or any one of the component-specific permissions (SAPA, SAPB and SAPC), in accordance with principles of the invention. Specifically, the GSS 610 can be operable to request (or demand) cancellation of the specific indicator (e.g., a sub-token) associated with a particular portion of the computer execute code 104, or cancellation of a general indicator (e.g., a token) associated with the computer execute code 104 as a whole, in accordance with the embodiment described in FIG. 6A. Referring to FIG. 6A, the provider 606 can be operable to recognize the request for cancellation and cancel the indicator that it has issued, or render it inoperable to effectively withdraw the general access permission of the executable computer code 104 as a whole, or withdraw a component-specific access permission assigned to a particular portion of the executable computer code 104.

Alternatively, the access proxy server 612 can be operable to manage general and component-specific access permissions in accordance with another embodiment of the invention. Moreover, the access proxy server 612 can be operable to cancel and/or effectively render general and specific access permissions inoperable. This means that Elastic device 602 may be operable to send a request for cancellation of a general access permission or a request for cancellation of a particular component-specific permission (e.g., SAPA) to the access proxy server 612 which can, in turn, cancel (or render inoperable) a component-specific permission and/or a general access by refusing to provide the corresponding indicators (e.g., a token, a sub-token) to the service provider 606 after a request for cancellation has been received. As such, the service provider 606 need not provide a cancellation function or be aware of the existence of component-specific access permissions maintained by the proxy server 610.

FIG. 6B depicts a method 650 for enforcing access permissions (or permissions) for accessing services of a service provider in accordance with one embodiment of the invention. Method 650 can, for example, be at least partly used by the GSS 610 and/or the service provider 606 in the computing environment 600 depicted in FIG. 6A. Referring to FIG. 6B, initially, a plurality of component-specific access permissions are obtained (652). It should be noted that the component-specific access permissions are respectively assigned to a plurality of individually executable portions of computer executable code that can each request the services of the service provider when executed by or in a dynamically scalable computing resource (e.g., a cloud). Generally, the component-specific access permissions can be determined and assigned by the service provider or another entity, for example, by the access proxy server 612, or the GSS 610 (shown in FIG. 6A). In any case, one or more of the component-specific access permissions are enforced and/or caused to be enforced for accessing the services of the service provider respectively by one or more of the individually executable portions of the executable computer code. A component-specific access permission can be enforced by the service provider. Another entity (e.g., GSS 610 depicted in FIG. 6A) can cause enforcement of a component-specific access permission, for example, by providing an individually executable portion with a component-specific access permission indicative of the access permission specifically assigned to it, and as the only mechanism to access the services of the service provider. This entity may also be responsible for determining the specific access permissions to be assigned and communicating the same to a service provider in order to facilitate enforcement of component-specific access permission with respect to services requested by a particular portion of executable code. Method 650 ends following enforcement of one or more component-specific access permissions.

In view of the foregoing, it will be readily apparent that component-specific permissions can be assigned to individually executable computer code and enforced with respect to services that can be provided by a service provider in an Elastic computing environment that allows a computing device to use the external computing resources of a DSCR (e.g., a public cloud). Given the prevalence of web-based applications and environments in various computing environment that are available today, a web-based computing environment will be described in accordance with one embodiment of the invention.

FIG. 7A depicts a web-based Elastic computing environment 700 in accordance with one embodiment of the invention. Referring to FIG. 7A, an Elastic device 702 can effectively allocate one or more individually executable web-based application components (Weblet A, Weblet B and Weblet C) of web-based Elastic application 704 to a Cloud 706 in the web-based Elastic computing environment 700. As show in FIG. 7A, in addition to the web-based application components (or weblets), the web-based Elastic application 704 can also include a User Interface (UI) 704B and a manifest 704C. Typically, the User Interface (UI) 704B is a Graphical User Interface (GUI) that can be processed by a UI or GUI component 702B of the Elastic device 702. It will be appreciated that in addition to the application manifest 707, the manifest 704C can provide access control information (or data) 708, including component-specific access permissions respectively assigned to the individual weblets (Weblet A, Weblet B and Weblet C). The manifest 704C can also include additional data 709 (e.g., local information).

The Elastic device 702 can be operable to submit a request for an access token (or token) to the web service (or web service provider) 710. This request can be approved or authorized by a user of the Elastic device 702 and can be generally processed by or via the UI 702B of the Elastic device 702 to effectively provide the web-based Elastic application 704 with the access token. Subsequently, the web-based Elastic application 704 can effectively register the access token along with the domain and possibly other credentials with the GSS 610 of the Elastic device 702.

After the registration process, individual weblets (Weblet A, Weblet B and Weblet C) can be allocated for execution by the computing resources of the Elastic device 702 and/or cloud 706. As a result, a particular weblet can request authorization credentials for accessing services of the web service 710. This request can be submitted via a Cloud Fabric Interface (CFI) 712 to an Elastic Manager (EM) component 714 when the weblet is being executed by the cloud 706 or requested directly from the EM 714 when the weblet is being executed locally on the Elastic device 702. Consequently, the EM 714 can make a request to the GSS 610 for the component-specific permission (or a sub-token) assigned to the particular weblet that has made a request for authorization credentials in order to access services of the web service 710. In other words, a request for appropriate sub-token assigned to the weblet can be made. Access permissions assigned to a particular weblet can be determined based on the access control data 708 of the manifest 704C provided for the web-based Elastic application 704. By way of example, it can be determined that the weblet A is assigned read only access permission. It should be noted that a sub-token assigned to a particular weblet is associated with (or is a child of) the token (or parent token) assigned to the web-based Elastic application 704.

GSS 610 can request a sub-token from the web service 710 for the specific access permission assigned to the weblet requesting services from the web service 710. This request can be authorized by the web service 710 based on the registered access token provided by the GSS 610. A sub-token assigned to the specific access permissions identified by the GSS 610 can be determined by the web service 710. The sub-token can be provided by the web service 710 to the GSS 610, which can communicate it to the EM 714. In turn, the EM 714 can provide the sub-token to the weblet requesting the web services of the web service 710. The weblet can then use the sub-token to access the services of the web service 710. It should be noted that the sub-token is indicative of specific access permissions assigned to the weblet, and the service provider 710 will provide services to the weblet only in accordance with the access permissions identified by the sub-token. By way of example, a weblet A could only have read access permissions when requesting services from the web service 710, but a weblet B could have read and write permission, and so on.

It should be noted that GSS 610 can be operable to effectively revoke a sub-token or its parent token by making an explicit request to the web service 710. After a request for revocation has been made, the web service 710 will no longer honor the sub-token(s) or the token itself. As a result, access permissions of one or more weblets or the web-based Elastic application 704 itself can be explicitly revoked, rendering one or more sub-token or the token itself ineffective. Generally, revoking a token could also result in cancellation of its associated sub-tokens.

FIG. 7B depicts a method 750 for allowing a weblet to access a web service in accordance with one embodiment of the invention. Method 750 can, for example, be used by the GSS 610 depicted in FIG. 7A. Referring to FIG. 7B, initially, it is determined (752) whether a weblet is requesting services of a web service. A weblet may explicitly make a request for accessing services or make a request for a sub-token that it can provide to the web service in order to obtain the services of the web service. If it is determined (752) that a request has been made by the weblet, one or more access permissions assigned to the weblet are determined (754). The access permissions can, for example, be provided to the web service with a request for a sub-token. The request can be accompanied by a register token associated with a web-based application that includes the weblet. The web service can determine (e.g., generate) a sub-token indicative of the assigned access permissions and provide it in response to the request for the sub-token. As such, it can be determined (756) whether a sub-token has been obtained for the access permissions as depicted in FIG. 7B. Consequently, if it is determined (756) that a sub-token has been obtained, the sub-token can be provided (758) to the weblet that has made the request to access the services of the web service before the method 750 ends.

It should be noted that a weblet can effectively make a request for a sub-token, subsequently be provided with the sub-token and effectively use the sub-token to receive web services from a web service in accordance with the specific access permissions assigned to the sub-token. A web service can receive a request for sub-token band generate a sub-token indicative of access permissions specifically assigned to a particular weblet. 

What is claimed is:
 1. A method of enforcing access permissions for services of a service provider, comprising: obtaining a plurality of component-specific access permissions respectively assigned to a plurality of individually executable portions of a computer executable code for accessing the services of the service provider, wherein at least one of the individually executable portions is configured to request at least one of the services when executed by a dynamically scalable computing resource; enforcing at least one of the component-specific access permissions in connection with accessing at least one of the services by at least one of the individually executable portions; and requesting cancellation of at least one of the component-specific access permissions, wherein said at least one of the component-specific access permissions is rendered inoperable in response to a request to cancel said at least one of the component-specific access permissions.
 2. The method of claim 1, further comprising: requesting cancellation of a general access permission assigned to the computer executable code, wherein the plurality of component-specific access permissions is associated with the general access permission.
 3. The method of claim 2, further comprising: rendering the general access permission inoperable in response to a request to cancel the general access permission.
 4. The method of claim 1, wherein each one of the individually executable portions is allocated for execution to internal computing resources of the computing system or to external computing resources of the dynamically scalable computing resource during or at runtime.
 5. The method of claim 1, wherein: the computer executable code is a web-based application program; the service provider is a web service; and the dynamically scalable computing resource includes a cloud.
 6. The method of claim 1, wherein: a token is assigned by the service provider to the computer executable code; and the plurality of component-specific access permissions are associated with sub-tokens assigned by the service provider.
 7. The method of claim 1, further comprising: sending at least one of the component-specific access permissions to the service provider; and receiving from the service provider a sub-token indicative of at least one component-specific access permission.
 8. The method of claim 7, further comprising: sending at least one sub-token to at least one of the individually executable portions.
 9. A computing system including one or more processors operable to: allocate at least one of a plurality of individually executable portions of a computer executable code to at least one external computing resource of a dynamically scalable computing resource, wherein at least one of the individually executable portions is configured to request a service of a service provider; and obtain at least one component-specific access permission assigned to at least one individually executable portion, wherein the at least one component-specific access permission is enforced in connection with accessing the service of the service provider by the at least one individually executable portion; and request cancellation of at least one component-specific access permission, wherein said at least one of the component-specific access permission is rendered inoperable in response to a request to cancel said at least one component-specific access permission.
 10. The computing system of claim 9, wherein the one or more processors are further operable to: obtain from the service provider at least one sub-token indicative of the at least one component-specific access permission; and send at least one sub-token to at least one of the individually executable portions.
 11. The computing system of claim 9, wherein the one or more processors are further operable to: request cancellation of a general access permission assigned to the computer executable code, wherein the plurality of component-specific access permissions is associated with the general access permission.
 12. The computing system of claim 11, wherein the one or more processors are further operable to: render the general access permission inoperable in response to a request to cancel the general access permission.
 13. The computing system of claim 9, wherein each one of the individually executable portions is allocated for execution to internal computing resources of the computing system or to external computing resources of the dynamically scalable computing resource during or at runtime.
 14. The computing system of claim 9, wherein: the computer executable code is a web-based application program; the service provider is a web service; and the dynamically scalable computing resource includes a cloud.
 15. The computing system of claim 9, wherein: a token is assigned by the service provider to the computer executable code; and the plurality of component-specific access permissions are associated with sub-tokens assigned by the service provider.
 16. A computing system including one or more processors operable to: communicate with a service provider; and request from the service provider cancellation of at least one of a plurality of component-specific access permissions, wherein the plurality of component-specific access permissions is respectively assigned to a plurality of individually executable portions of a computer executable code, wherein at least one of the individually executable portions is configured to access in connection with its respective component-specific access permission a service of the service provider when executed by a dynamically scalable computing resource, wherein said at least one of the plurality of component-specific access permissions is rendered inoperable in response to a request to cancel said at least one of the plurality of component-specific access permissions.
 17. The computing system of claim 16, wherein the one or more processors are further operable to: request cancellation of a general access permission assigned to the computer executable code, wherein the plurality of component-specific access permissions is associated with the general access permission.
 18. A computing system including one or more processors operable to: determine a plurality of indicators respectively indicative of a plurality of component-specific access permissions assigned to a plurality of individually executable portions of a computer executable code for accessing one or more services, wherein at least one of the individually executable portions is configured to request the one or more services when executed by a dynamically scalable computing resource; enforce at least one of the component-specific access permissions in connection with accessing the one or more services by at least one of the individually executable portions; and cancel at least one component-specific access permission in response to an explicit request to cancel said at least one component-specific access permission, wherein said at least one component-specific access permission is rendered inoperable in response to said request to cancel said at least one component-specific access permission.
 19. The computing system of claim 18, wherein the computing system is a service provider providing the one or more services.
 20. The computing system of claim 19, wherein: the indicators are sub-tokens of a token assigned to the computer executable code; and the dynamically scalable computing resource includes a cloud.
 21. The computing system of claim 18, wherein the computing system is a proxy server.
 22. The computing system of claim 18, wherein the one or more processers are further operable to cancel a general access permission assigned to the computer executable code, wherein the plurality of component-specific access permissions is associated with the general access permission.
 23. A non-transitory computer storage medium storing at least executable computer code for enforcing access permissions for services of a service provider, wherein the executable computer code includes: executable computer code for obtaining a plurality of component-specific access permissions respectively assigned to a plurality of individually executable portions of a computer executable code for accessing the services of the service provider, wherein at least one of the individually executable portions is configured to request at least one of the services when executed by a dynamically scalable computing resource; executable computer code enforcing at least one of the component-specific access permissions in connection with accessing at least one of the services by at least one of the individually executable portions; and executable computer code requesting cancellation of at least one of the component- specific access permissions, wherein said at least one of the component-specific access permissions is rendered inoperable in response to a request to cancel said at least one of the component-specific access permissions.
 24. A method comprising: communicating with a service provider; and requesting from the service provider cancellation of at least one of a plurality of component-specific access permissions, wherein the plurality of component-specific access permissions is respectively assigned to a plurality of individually executable portions of a computer executable code, wherein at least one of the individually executable portions is configured to access in connection with its respective component-specific access permission a service of the service provider when executed by a dynamically scalable computing resource, and wherein said at least one of the plurality of component-specific access permissions is rendered inoperable in response to a request to cancel said at least one of the plurality of component-specific access permissions.
 25. A non-transitory computer storage medium having executable computer code comprising: executable computer code for communicating with a service provider; and executable computer code for requesting from the service provider cancellation of at least one of a plurality of component-specific access permissions, wherein the plurality of component- specific access permissions is respectively assigned to a plurality of individually executable portions of a computer executable code, wherein at least one of the individually executable portions is configured to access in connection with its respective component-specific access permission a service of the service provider when executed by a dynamically scalable computing resource, and wherein said at least one of the plurality of component-specific access permissions is rendered inoperable in response to a request to cancel said at least one of the plurality of component-specific access permissions. 